Product DocsMenu

Granting Impersonator Privileges

In CES, impersonation is used as a way to allow remote Front-End applications to gain access to collections.

Example: When the search interfaces and the index are located on different servers, the Back-End server must be configured to accept queries from the Front-End servers. On each Coveo Master server, this is done by adding an impersonator for the identity running the AppPool of the remote process for each Front-End server.

To grant impersonator privileges to an account

  1. On the Back-End server, open the Administration Tool (Windows Start menu > All Programs > Coveo Enterprise Search 7 > Administration Tool).

  2. In the Administration Tool, select Configuration > Security.

  3. In the navigation panel on the left, click Impersonators.

  4. In the Impersonators page:

    1. Click Add.

    2. In the Add Identity dialog box, specify the user to which you want to grant impersonation privileges (see Using the Identity Picker Form).


      • In the Name box, enter the account in the domain\username form for the Coveo instance (Front-End server) from which you want to access this index for both: 

      • When the account used is NT AUTHORITY\NETWORK SERVICE, enter the account name in the form domain\MachineName$ where MachineName is the name of the server from which you send queries (Front-End server).

    3. Click Add.

      The account name is added to the list of impersonators.

What's Next?

On your Front-End server(s), in the Coveo .NET Front-End web.config file, add the impersonate="true" attribute to the <server hostname="localhost" port="52800" enable65SearchAPI="true" impersonate="true"/> line to complete the impersonation configuration.

People who viewed this topic also viewed